Created
June 20, 2020 09:12
-
-
Save hacker1024/3bd438f5764921f09d8a63d1e576606f to your computer and use it in GitHub Desktop.
Dell UEFI HDR extractor (thanks to JimboBobB @ https://forums.mydigitallife.net/threads/i-present-you-a-tool-to-decompress-dell-uefi-bios.44785/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2 | |
#This script finds the compressed data embedded in a Dell BIOS update program | |
#and decompresses it to an apparent HDR file. The main data seems to start | |
#at offset 0x58 in the HDR FWIW | |
import zlib | |
import sys | |
import re | |
import binascii | |
if(len(sys.argv) < 2 or sys.argv[1] == "-h"): | |
print "usage: python DecompNewDell.py <biosupdate.exe>" | |
exit() | |
f = open(sys.argv[1], "rb") | |
string = f.read() | |
#The 0x789C at the end is the zlib header. | |
#It's necessary to check for that too because the string | |
#appears a couple times in the file. | |
pat = re.compile(r'.{4}\xAA\xEE\xAA\x76\x1B\xEC\xBB\x20\xF1\xE6\x51.{1}\x78\x9C') | |
match = pat.search(string) | |
#Once you find that string, the first 4 bytes are the little endian | |
#size of the compressed data. The span will give you the starting | |
#offset into the file where it is found | |
(start_match, end_match) = match.span() | |
#print match.span() | |
compessed_len = string[start_match:start_match+4] | |
#Now switch the order around since it's little endian | |
#and also convert it to a hex string | |
compessed_len = binascii.b2a_hex(compessed_len[::-1]) | |
#and then make it a proper number (separate lines for clarity) | |
compessed_len = long(compessed_len, 16) | |
#read len bytes out of the file into the new string to decompress | |
f.seek(start_match+16) | |
string = f.read(compessed_len) | |
o = zlib.decompress(string) | |
f2 = open(sys.argv[1] + "_decompressed.hdr", "wb") | |
f2.write(o) | |
f.close() | |
f2.close() | |
print "Decompressed data written to %s_decompressed.hdr" % sys.argv[1] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment